Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/ci.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/ci.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/deployment.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/deployment.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/deployment.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/deployment.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/deployment.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/deployment.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build-base.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/docker-build-base.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-base.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/docker-build-base.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-base.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/docker-build-base.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-base.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/docker-build-base.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build-base.yaml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/docker-build-base.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/docker-build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/docker-build.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/docker-build.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/docker-build.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/docker-build.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build.yaml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/docker-build.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/goreleaser.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/goreleaser.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/goreleaser.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/goreleaser.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/goreleaser.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/goreleaser.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/semantic-release.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/semantic-release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/semantic-release.yaml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/semantic-release.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/semantic-release.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/semantic-release.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/update-godoc.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/aldor007/mort/update-godoc.yaml/master?enable=pin
Warn: containerImage not pinned by hash: Dockerfile:1
Warn: containerImage not pinned by hash: Dockerfile:34: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
Warn: containerImage not pinned by hash: Dockerfile.base:1
Warn: containerImage not pinned by hash: Dockerfile.integrations:1: pin your Docker image by updating node:17-slim to node:17-slim@sha256:a180966357fe14cac9dd6c9cd496ed4d85b8a598cb33482705ecebad646145e3
Warn: containerImage not pinned by hash: Dockerfile.test:1: pin your Docker image by updating ghcr.io/aldor007/mort-base to ghcr.io/aldor007/mort-base@sha256:5ca0d01b460ad8179c3ba3d93d97f355a371715cc7e4de09db3e248463969ba0
Warn: containerImage not pinned by hash: example/Dockerfile:1: pin your Docker image by updating aldor007/mort to aldor007/mort@sha256:9035129cc44c8ba7df52684f9716070e47d900758a049ec4de03086a6cd22a3f
Warn: npmCommand not pinned by hash: Dockerfile.integrations:8
Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:63
Warn: npmCommand not pinned by hash: .github/workflows/ci.yaml:96
Warn: npmCommand not pinned by hash: .github/workflows/semantic-release.yaml:39
Info: 0 out of 17 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 12 third-party GitHubAction dependencies pinned
Info: 0 out of 6 containerImage dependencies pinned
Info: 0 out of 4 npmCommand dependencies pinned